AD FS secondary node has incorrect token and decryption certificates: how to force sync?

Olafur Gunnarsson 0 Reputation points
2023-07-13T14:30:25.03+00:00

Client replaced his AD FS token-signing and token-decrypting certificates a month ago, and users have been complaining of slow authentication.

I took a look and found that the secondary node appears to still be using the old certificates.

The errors are event 381: "An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. Possible causes are that the certificate has been revoked or the certificate is not within its validity period."

I have attempted to restart the secondary server and to restart the service, which did not work.

I took a look in the personal certificate store of the service account and found that the new certs are not present on the secondary node; it is attempting to use the old ones.

Exporting from the primary and importing manually doesn't seem possible, as it requires exporting with the private key and that option is greyed out.

Is there any way for me to force the secondary to update with the new, correct certificates?

A reboot did not work. A restart of the AD FS service did not work.

Would making the secondary into the primary force it to pick up the correct certs?
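An added diagnostic, not part of the original question: before promoting anything, it helps to see exactly what each farm node's copy of the configuration database reports for the token-signing and token-decrypting certificates, what the node's sync role and last-sync result are, and whether event 381 is still being logged. The script below gathers that from every node and flags any secondary whose certificate set differs from the primary's. The host names are placeholders; it assumes PowerShell Remoting is enabled, the caller is a local administrator on each node, and the Adfs module is present there.

```powershell
# Added example, not from the original post: inventory the AD FS certificate
# configuration and config-DB sync state on every farm node, then diff each
# secondary against the primary.
# Assumptions (placeholders): the node names below; PowerShell Remoting enabled;
# caller is a local admin on each node; the Adfs module is installed there.
$nodes = @('adfs01.corp.example', 'adfs02.corp.example')   # placeholder hostnames

$report = Invoke-Command -ComputerName $nodes -ScriptBlock {
    # Token-signing / token-decrypting certificates as recorded in THIS node's
    # copy of the configuration database (a WID secondary serves from its local copy).
    $certs = Get-AdfsCertificate |
        Where-Object { $_.CertificateType -in 'Token-Signing', 'Token-Decrypting' } |
        ForEach-Object {
            [pscustomobject]@{
                Type       = $_.CertificateType
                IsPrimary  = $_.IsPrimary
                Thumbprint = $_.Certificate.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
            }
        }

    # Sync role and the outcome of the last pull from the primary
    # (LastSyncStatus should be 0; PollDuration is the pull interval in seconds).
    $sync = Get-AdfsSyncProperties |
        Select-Object Role, PrimaryComputerName, LastSyncFromPrimaryComputerName,
                      LastSyncStatus, PollDuration

    # Recent event 381 entries (certificate-chain build failures) from the AD FS Admin log.
    $chainErrors = Get-WinEvent -FilterHashtable @{
            LogName = 'AD FS/Admin'; Id = 381; StartTime = (Get-Date).AddDays(-1)
        } -ErrorAction SilentlyContinue |
        Select-Object -First 5 TimeCreated, Message

    [pscustomobject]@{
        Node        = $env:COMPUTERNAME
        Certs       = $certs
        Sync        = $sync
        ChainErrors = $chainErrors
    }
}

# Print each node's own view.
foreach ($r in $report) {
    "=== $($r.Node)  role=$($r.Sync.Role)  lastSyncStatus=$($r.Sync.LastSyncStatus)  lastSyncFrom=$($r.Sync.LastSyncFromPrimaryComputerName)"
    $r.Certs | Format-Table Type, IsPrimary, Thumbprint, NotAfter -AutoSize | Out-String
    if ($r.ChainErrors) {
        "Event 381 seen $($r.ChainErrors.Count) time(s) in the last 24h; latest at $($r.ChainErrors[0].TimeCreated)"
    }
}

# Diff every secondary's certificate set against the primary's.
$primary = $report | Where-Object { $_.Sync.Role -eq 'PrimaryComputer' } | Select-Object -First 1
if (-not $primary) { Write-Warning 'No node reported the PrimaryComputer role.'; return }
$expected = $primary.Certs | ForEach-Object { "$($_.Type):$($_.Thumbprint)" } | Sort-Object

foreach ($r in $report | Where-Object { $_.Node -ne $primary.Node }) {
    $actual = $r.Certs | ForEach-Object { "$($_.Type):$($_.Thumbprint)" } | Sort-Object
    $diff = Compare-Object -ReferenceObject $expected -DifferenceObject $actual
    if ($diff) {
        Write-Warning "$($r.Node) is out of sync with $($primary.Node):"
        $diff | ForEach-Object { "  $($_.SideIndicator) $($_.InputObject)" }
    } else {
        "$($r.Node) matches the primary's token-signing/decrypting certificates."
    }
}
```

Two caveats. The script only shows what each node's configuration-database copy holds; the private keys live in the AD FS service account's personal store, which this does not inspect, so a node can list the right thumbprints and still lack the key. And the promotion the question asks about is performed with Set-AdfsSyncProperties -Role PrimaryComputer on the secondary (with the old primary then set to -Role SecondaryComputer -PrimaryComputerName), but whether that clears this particular mismatch is not something the post establishes; a non-zero LastSyncStatus or a stale LastSyncFromPrimaryComputerName in the output above is the first thing to chase.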

Active Directory Federation Services